DETAILED ACTION

1. This is in response to the application filed on 3/1 21 2004. Claims 1-41 are pending.

Claims 1-41 are directed to method and apparatus providing device-initiated network 
management. 

2. This application currently names joint inventors. In considering patentability of the 
claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the
various claims was commonly owned at the time any inventions covered therein were 
made absent any evidence to the contrary. Applicant is advised of the obligation under 
37 CFR 1.56 to point out the inventor and invention dates of each claim that was not
commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 
(b) the invention was patented or described in a printed publication in this or a
foreign country or in public use or on sale in this country, more than one year 
prior to the date of application for patent in the United States. 

5. Claims 1-41 are rejected under 35 U.S.C. 102(e) as being anticipated by Porras et 
al. (US 6,321,338 B1). 

Porras discloses the invention as claimed including method and apparatus providing 
device-initiated network management. 

Regarding claim 1, Porras discloses a method of managing a network entity that is
initiated by the network entity, the method comprising the computer-implemented steps 
performed at the network entity of: monitoring the network entity (Porras, column 6, 
lines 12-14, the health and status of the network from the perspective of connectivity 
and throughput are disclosed);

periodically evaluating one or more specified conditions at the managed network 
entity (Porras, column 6, lines 12-17, the continuous measuring of the traffic volume
detects an abnormal loss in the data rate);

when one or more of the specified conditions are satisfied, then gathering specified 
information from the managed network entity (Porras, column 6, lines 17-20, a sudden
drop can be specific both to the network entity being monitored), preparing a message
that includes the specified information and the specified conditions that were satisfied
(Porras, column 6, lines 23-25, intensity measures are particularly suited for detecting
flooding attacks, while also providing insight into other anomalies), and sending the
message to a management point (Porras, column 6, lines 40-46, a monitor receives
reports from other monitors that are performing measures).

Regarding claim 2, Porras discloses a method of managing a network entity that is 
initiated by the network entity, the method comprising the computer-implemented steps 
of: receiving a request from a management application for interaction with the managed 
network entity (Porras, column 3, lines 19-21, network services provide an interface for
requests internal and external to the domain); 

creating a management request that includes a network element identifier; storing a 
management request in a management proxy while awaiting a poll for the 
management request from the managed network entity (Porras, column 8, lines 32-39,
column 3, lines 43-45, a resolver is handling all incoming requests by subscribers whose
identities appear in the monitor; the network entity is a proxy server);

receiving a periodic poll message from the managed network entity, wherein the poll 
message requests any available management requests applicable to the managed 
network entity (Porras, column 8, lines 14-16, the analysis engines receive large volume 

selecting one or more management requests that match the managed network entity;
and delivering the selected one or more management requests to the managed network
entity (Porras, column 8, lines 34-39, a resolver handles requests and acts as an
interface that disseminates requests).

Regarding claim 3, Porras discloses a method as recited in Claim 2, further comprising 
the steps of: receiving a responsive management message from the managed network 
entity (Porras, column 4, lines 55-56, the resolver implements a response policy);

storing the responsive management message in the management proxy (Porras, 
column 7, lines 43-45, column 3, lines 43-45, a signature engine records the occurrence 
of specific events; the network entity is a proxy server);

receiving a second poll message from the management application, wherein the 
second poll message requests any responsive management messages applicable to 
the management application (Porras, column 7, lines 32-36, a response from the
monitor is warranted from activities standing alone or known attacks against the 
system); 



selecting one or more responsive management messages that match the management 
application (Porras, column 5, lines 21-22, a selection implements packets targeting
particular network services or applications);

and delivering the selected one or more responsive management messages to the 
management application (Porras, column 5, lines 15-20, based on packet sources 
addresses, applications are selected and implemented). 

Regarding claim 4, Porras discloses a method as recited in any of Claims 1 or 2, 
wherein the network entity is within a private network that is managed by a network 
service provider, and wherein the management point is within a public network that is 
owned or operated by the network service provider (Porras, column 3, lines 43-46, a 
virtual private network using the Internet is disclosed). 

Regarding claim 5, a method as recited in any of Claims 1 or 2, wherein the network 
entity is a service appliance (Porras, column 3, lines 43-45, routers, firewall, and proxy 
servers are described as network entities). 

Regarding claim 6, Porras discloses a method as recited in any of Claims 1 or 2, 
wherein the network entity is a switch or router (Porras, column 3, lines 44-45, a router 
is disclosed as a network entity). 

Regarding claim 7, Porras discloses a system for managing a network entity, 
comprising: one or more management applications hosted in a service provider network
(Porras, column 3, lines 43-47, routers, firewall, and proxy servers, network entities, are
parts of a virtual private network); 

a management communication program that is and communicatively coupled to the 
management applications, and comprising one or more sequences of instructions 
which, when executed by the network entity, causes the network entity to perform the 
steps of: monitoring the network entity (Porras, column 6, lines 12-14, the health and 
status of the network from the perspective of connectivity and throughput are 
disclosed);

periodically evaluating one or more specified conditions at the network entity; 
when one or more of the specified conditions are satisfied (Porras, column 6, lines 12-17,
the continuous measuring of the traffic volume detects an abnormal loss in the data
rate),

then gathering specified information from the network entity (Porras, column 6, lines
17-20, a sudden drop can be specific both to the network entity being monitored),
preparing a message that includes the specified information and the specified
conditions that were satisfied (Porras, column 6, lines 23-25, intensity measures are
particularly suited for detecting flooding attacks, while also providing insight into other
anomalies), and sending the message to the management applications (Porras,
column 6, lines 40-46, a monitor receives reports from other monitors that are performing
measures).

Regarding claim 8, Porras discloses a system as recited in Claim 7, further comprising a 
management communication transport element hosted in the private network, and 
wherein the step of sending the message to the management applications comprises 
the step of sending the message to the management applications using the 
management communication transport element (Porras, column 3, lines 43-45, TCP/IP, 
network entity, handles network packets). 

Regarding claim 9, Porras discloses a system as recited in Claim 8, wherein the 
management communication transport element is hosted at the network entity (Porras, 
column 3, lines 43-45, TCP/IP, network entity, handles network packets). 

Regarding claim 10, Porras discloses a system as recited in Claim 8, wherein the 
management communication transport element is hosted at a proxy server in the private 
network and accessible to the network entity (Porras, column 8, lines 32-39, column 3, 
lines 43-45, a resolver is handling all incoming requests by subscribers whose identities
appear in the monitor; the network entity is a proxy server). 

Regarding claim 11, Porras discloses a system for managing a network entity
comprising: a management proxy hosted in a service provider network (Porras, column 



Application/Control Number: 10/803,772 
Art Unit: 2155 



Page 9 



3, lines 43-47, proxy servers, network entities, are parts of a virtual private network);

a management communication transport hosted at the network element and 
communicatively coupled to the management proxy, and comprising one or more 
sequences of instructions which, when executed by the network entity (Porras, column 
3, lines 47-51, encryption and other security mechanisms ensure the security of the
network access via network entities), 

causes the network entity to perform the steps of: receiving a request from a 
management application for interaction with the managed network entity (Porras, 
column 3, lines 19-21, network services provide an interface for requests internal and
external to the domain); 

creating a management request that includes a network element identifier (Porras, 
column 8, lines 32-39, a resolver is handling all incoming requests by subscribers
whose identities appear in the monitor); 

storing a management request in the management proxy while awaiting a poll for the 
management request from the managed network entity (Porras, column 7, lines 43-45,
column 3, lines 43-45, a signature engine records the occurrence of specific events; the
network entity is a proxy server);

receiving a periodic poll message from the managed network entity, wherein the poll
message requests any available management requests applicable to the managed
network entity (Porras, column 8, lines 14-16, the analysis engines receive a large
volume of events that are fed to the resolver);

selecting one or more management requests that match the managed network entity 
(Porras, column 8, lines 34-39, a resolver handles requests and acts as an interface
that disseminates requests);

and delivering the selected one or more management requests to the managed network 
entity (Porras, column 5, lines 15-20, based on packet sources addresses, applications
are selected and implemented). 

Regarding claim 12, Porras discloses a system as recited in Claim 11, wherein the 
instructions further comprise sequences of instructions for performing the steps of: 
receiving a responsive management message from the managed network entity 
(Porras, column 4, lines 55-56, the resolver implements a response policy);

storing the responsive management message in the management proxy (Porras, 
column 7, lines 43-45, column 3, lines 43-45, a signature engine records the occurrence 
of specific events; the network entity is a proxy server);

receiving a second poll message from the management application, wherein the second
poll message requests any responsive management messages applicable to the
management application (Porras, column 7, lines 43-45, column 3, lines 43-45, a
signature engine records the occurrence of specific events; the network entity is a proxy
server);

selecting one or more responsive management messages that match the management 
application (Porras, column 5, lines 21-22, a selection implements packets targeting 
particular network service or application);

and delivering the selected one or more responsive management messages to the 
management application (Porras, column 5, lines 15-20, based on packet sources 
addresses, applications are selected and implemented). 

Regarding claim 13, Porras discloses a system as recited in Claim 11, wherein the
management proxy is hosted at the network entity (Porras, column 3, lines 43-47,
routers, firewall, and proxy servers, network entities, are parts of a virtual private
network). 

Regarding claim 14, a system as recited in Claim 11, wherein the management proxy is 
hosted at a proxy server in the private network and accessible to the network entity 
(Porras, column 8, lines 32-39, column 3, lines 43-45, a resolver is handling all incoming
requests by subscribers whose identities appear in the monitor; the network entity is a
proxy server). 

Regarding claim 15, Porras discloses a system as recited in any of Claims 7 or 11,
wherein the network entity is within a private network that is managed by a network 
service provider, and wherein the management point is within a public network that is 
owned or operated by the network service provider (Porras, column 3, lines 43-46, a 
virtual private network using the Internet is disclosed). 

Regarding claim 16, Porras discloses a system as recited in any of Claims 7 or 11,
wherein the network entity is a service appliance (Porras, column 3, lines 43-45, 
routers, firewall, and proxy servers are described as network entities). 

Regarding claim 17, Porras discloses a system as recited in any of Claims 7 or 11,
wherein the network entity is a switch or router (Porras, column 3, lines 44-45, a router 
is disclosed as a network entity). 

Regarding claim 18, Porras discloses a computer-readable medium carrying one or
more sequences of instructions for managing a network entity through initiation by the 
network entity, which instructions, when executed by one or more processors, cause the 
one or more processors to carry out the steps of any of Claims 1, 2, or 3 (Porras,
column 3, lines 47-51, encryptions and other security mechanisms ensure the security
of the network access via network entities). 

Regarding claim 19, Porras discloses a computer-readable medium as recited in Claim 
18, wherein the network entity is within a private network that is managed by a
network service provider, and wherein the management point is within a public network 
that is owned or operated by the network service provider (Porras, column 3, lines 43- 
46, a virtual private network using the Internet is disclosed). 

Regarding claim 20, Porras discloses a computer-readable medium as recited in Claim 
18, wherein the network entity is a service appliance (Porras, column 5, lines 21-22, a 
selection implements packets targeting particular network service or application). 

Regarding claim 21, Porras discloses a computer-readable medium as recited in Claim
18, wherein the network entity is a switch or router (Porras, column 3, lines 44-45, a 
router is disclosed as a network entity). 

Regarding claim 22, Porras discloses an apparatus for managing a network entity that is 
initiated by the network entity, comprising: means for monitoring the network entity 
(Porras, column 3, lines 41-45, services monitors provide local real time analysis of 
network packets handled by network entities);

means for periodically evaluating one or more specified conditions at the managed
network entity (Porras, column 6, lines 12-17, the continuous measuring of the traffic
volume detects an abnormal loss in the data rate);

means for gathering, when one or more of the specified conditions are satisfied 
(Porras, column 6, lines 17-20, a sudden drop can be specific both to the network entity
being monitored),

specified information from the managed network entity, for preparing a message that 
includes the specified information and the specified conditions that were satisfied 
(Porras, column 6, lines 23-25, intensity measures are particularly suited for detecting
flooding attacks, while also providing insight into other anomalies), and for sending the
message to a management point (Porras, column 6, lines 40-46, a monitor receives
reports from other monitors that are performing measures).

Regarding claim 23, Porras discloses an apparatus for managing a network entity that is 
initiated by the network entity, comprising: means for receiving a request from a 
management application for interaction with the managed network entity (Porras, 
column 3, lines 19-21, network services provide an interface for requests internal and
external to the domain);

means for creating a management request that includes a network element identifier
(Porras, column 8, lines 32-39, a resolver is handling all incoming requests by
subscribers whose identities appear in the monitor);

means for storing a management request in a management proxy while awaiting a poll 
for the management request from the managed network entity (Porras, column 7, lines 
43-45, column 3, lines 43-45, a signature engine records the occurrence of specific 
events; the network entity is a proxy server);

means for receiving a periodic poll message from the managed network entity, wherein 
the poll message requests any available management requests applicable to the 
managed network entity (Porras, column 6, lines 12-17, the continuous measuring of
the traffic volume detects an abnormal loss in the data rate);

means for selecting one or more management requests that match the managed 
network entity (Porras, column 8, lines 34-39, a resolver handles requests and acts as
an interface that disseminates requests);

and means for delivering the selected one or more management requests to the 
managed network entity (Porras, column 5, lines 15-20, based on packet sources
addresses, applications are selected and implemented).

Regarding claim 24, Porras discloses an apparatus as recited in Claim 23, further
comprising: means for receiving a responsive management message from the managed
network entity (Porras, column 4, lines 55-56, the resolver implements a response
policy);

means for storing the responsive management message in the management proxy 
(Porras, column 7, lines 43-45, column 3, lines 43-45, a signature engine records the 
occurrence of specific events; the network entity is a proxy server);

means for receiving a second poll message from the management application, wherein 
the second poll message requests any responsive management messages applicable 
to the management application (Porras, column 7, lines 32-36, a response from the
monitor is warranted from activities standing alone or known attacks against the 
system); 

means for selecting one or more responsive management messages that match the 
management application (Porras, column 5, lines 21-22, a selection implements 
packets targeting particular network services or applications);

and means for delivering the selected one or more responsive management messages 
to the management application (Porras, column 5, lines 15-20, based on packet
sources addresses, applications are selected and implemented).

Regarding claim 25, Porras discloses an apparatus as recited in any of Claims 22 or 23, 
wherein the network entity is within a private network that is managed by a network 
service provider, and wherein the management point is within a public network that is 
owned or operated by the network service provider (Porras, column 3, lines 43-46, a 
virtual private network using the Internet is disclosed). 

Regarding claim 26, Porras discloses an apparatus as recited in any of Claims 22 or 23, 
wherein the network entity is a service appliance (Porras, column 3, lines 43-45, 
routers, firewall, and proxy servers are described as network entities). 

Regarding claim 27, Porras discloses an apparatus as recited in any of Claims 22 or 23, 
wherein the network entity is a switch or router (Porras, column 3, lines 44-45, a router 
is disclosed as a network entity). 

Regarding claim 28, Porras discloses a method for a network element to initiate 
notification to a management point about an anomalous condition, comprising the 
computer-implemented steps of: receiving first definitions of one or more triggers, each 
comprising one or more conditions (Porras, column 6, lines 26-30, meta-measures are

receiving second definitions of report information (Porras, column 6, lines 35-38, event
distribution measures are useful in correlative analysis performed by the monitor that
receive reports);

determining that any of the triggers is satisfied, and in response thereto, initiating at 
the network element communication of at least some of the report information (Porras, 
column 6, lines 28-29, an "ls" command in an FTP session affects the directory
measure).

Regarding claim 29, Porras discloses a method as recited in Claim 28, wherein each of 
the conditions comprises an event, alarm, combination of events or alarms, or pattern of 
events or alarms (Porras, column 14, lines 7-10, for each event stream a long-term
and short-term statistical profile is generated).

Regarding claim 30, Porras discloses a method as recited in Claim 28, wherein each of 
the conditions comprises a state of the network element (Porras, column 14, lines 32- 
35, potential intrusive activity of one of the anonymous session is statistically 
ameliorated by non-intrusive sessions when a packet is placed in a single short-term
statistical profile).

Regarding claim 31, Porras discloses a method as recited in Claim 28, wherein the
report information describes any of the triggers that were determined as satisfied 
(Porras, column 13, lines 12-16, a permitting statistical analysis distinguishes a normal 
data transfer during a workday and an abnormal data transfer on a weekend evening). 

Regarding claim 32, Porras discloses a method as recited in Claim 28, wherein the 
report information comprises any of a core dump from the network element, a 
configuration of the network element, state information for the network element, or a log 
of the network element (Porras, column 7, lines 51-54, a monitor encoded thresholds to 
monitor activities such as a failed login request). 

Regarding claim 33, Porras discloses a method as recited in Claim 28, wherein the 
steps are performed by a server that is logically separate from the network element, 
wherein the server manages notifications for a plurality of network elements (Porras, 
column 8, lines 62-65, a service monitor in one domain monitor sensitizes service 
monitors in other domains to the same activity). 

Regarding claim 34, Porras discloses a method for a network element to initiate 
notification to a management point about an anomalous condition, comprising the 
computer-implemented steps of: requesting a management gateway that is 
communicatively coupled to the network element to provide one or more application 
requests for the network element that have been stored at the management gateway by
an application (Porras, column 8, lines 32-39, column 3, lines 43-45, a resolver is
handling all incoming requests by subscribers whose identities appear in the monitor;
the network entity is a gateway);

in response to receiving an application request, initiating at the network element a 
communication session between the network element and the management 
application for enabling the network element to reply to the application request (Porras, 
column 7, lines 32-36, a response from the monitor is warranted from activities
standing alone or known attacks against the system). 

Regarding claim 35, Porras discloses a method as recited in Claim 34, wherein the 
steps are performed by a server that is logically separate from the network element and 
communicatively coupled to the management gateway (Porras, column 3, lines 43-51,
encryptions and other security mechanisms ensure the security of the network access 
via a gateway). 

Regarding claim 36, Porras discloses a method as recited in Claim 34, further 
comprising the step of initiating at the network element communication of at least some 
of the report information that is responsive to the application request (Porras, column 4, 
lines 55-56, the resolver implements a response policy). 



Regarding claim 37, Porras discloses a method as recited in Claim 34, wherein each of 
the application requests comprises first definitions of one or more triggers, each
comprising one or more conditions, and second definitions of report information; and 
further comprising the step of determining that any of the triggers is satisfied, and in 
response thereto, initiating at the network element communication of at least some of 
the report information (Porras, column 8, lines 32-39, column 3, lines 43-45, a resolver
is handling all incoming requests by subscribers whose identities appear in the monitor;
the network entity is a gateway).

Regarding claim 38, Porras discloses a method as recited in Claim 37, wherein each of 
the conditions comprises an event, alarm, combination of events or alarms, or pattern of 
events or alarms (Porras, column 5, lines 4-10, selection of packets is based on 
packets not allowed to a gateway). 

Regarding claim 39, Porras discloses a method as recited in Claim 37, wherein each of 
the conditions comprises a state of the network element (Porras, column 5, lines 12-14, 
a packet targets a port of the network). 

Regarding claim 40, Porras discloses a method as recited in Claim 37, wherein the 
report information describes any of the triggers that were determined as satisfied 
(Porras, column 5, line 10, packets reach gateway). 

Regarding claim 41, Porras discloses a method as recited in Claim 37, wherein the 
report information comprises any of a core dump from the network element, a
configuration of the network element, state information for the network element, or a log
of the network element (Porras, column 5, line, a common protocol is been used for
packets in the network). 

6. The prior arts made of record and not relied upon are considered pertinent to 
applicant's disclosure. Clark et al. (US 6,131,117) is made part of the record because of 
the teaching of monitoring network resources. Buyukkoc et al. (US 6,189,043 B1) is
made part of the record because of the teaching of monitoring service requests. Martin 
(US 6,263,368 B1) is made part of the record because of the monitoring traffic network. 
Hogan et al. (US 6279038 B1) is made part of the record because of the teaching of
fraud detection system. Massa et al. (US 6,658,469 B1) is made part of the record
because of the teaching of observing applications. Jakobson et al. (US 6766368 B1) is 
made part of the record because of the teaching of monitoring events. 



Conclusion 

7. Any inquiry concerning this communication from the examiner should be 
directed to Marie Georges Henry whose telephone number is (571) 270-3226. The
examiner can normally be reached on Monday to Friday 7:30am - 4:00pm. If attempts to
reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh
Najjar can be reached on (571) 272-4006. The fax phone number for the organization
where this application or proceeding is assigned is 571-273-8300. Information regarding 
the status of an application may be obtained from the Patent Application Information
Retrieval (PAIR) system. Status information for published applications may be obtained 
from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the 
PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to 
the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217- 
9197 (toll-free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786-9199 (IN 
USA OR CANADA) or 571-272-1000. 

/Marie Georges Henry/ 
Examiner, Art Unit 2155 
/saleh najjar/ 

Supervisory Patent Examiner, Art Unit 2155 



